Exam Code: SOA-C01 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: AWS Certified SysOps Administrator - Associate
Certification Provider: Amazon-Web-Services

Free demo questions for Amazon-Web-Services SOA-C01 Exam Dumps Below:

NEW QUESTION 1
A user has created a VPC with CIDR 20.0.0.0/16. The user has created public and VPN-only subnets along with hardware VPN access to connect to the user's datacenter. The user wants to make it so that all traffic coming to the public subnet follows the organization's proxy policy. How can the user make this happen?

  • A. Setting up a NAT with the proxy protocol and configure that the public subnet receives traffic from NAT
  • B. Setting up a proxy policy in the internet gateway connected with the public subnet
  • C. It is not possible to set up the proxy policy for a public subnet
  • D. Setting the route table and security group of the public subnet which receives traffic from a virtual private gateway

Answer: D

Explanation:
The user can create subnets within a VPC. If the user wants to connect to the VPC from his own data centre, he can set up public and VPN-only subnets which use hardware VPN access to connect with his data centre. When the user has configured this setup, it will update the main route table used with the VPN-only subnet, create a custom route table and associate it with the public subnet. It also creates an internet gateway for the public subnet. By default, the internet traffic of the VPN subnet is routed to a virtual private gateway while the internet traffic of the public subnet is routed through the internet gateway. The user can set up the route and security group rules. These rules enable the traffic to come from the organization's network over the virtual private gateway to the public subnet to allow proxy settings on that public subnet.

NEW QUESTION 2
A user has created a VPC with a public subnet. The user has terminated all the instances which are part of the subnet. Which of the below mentioned statements is true with respect to this scenario?

  • A. The user cannot delete the VPC since the subnet is not deleted
  • B. All network interfaces attached with the instances will be deleted
  • C. When the user launches a new instance it cannot use the same subnet
  • D. The subnet to which the instances were launched with will be deleted

Answer: B

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. A user can create a subnet with VPC and launch instances inside that subnet. When an instance is launched it will have a network interface attached with it. The user cannot delete the subnet until he terminates the instance and deletes the network interface. When the user terminates the instance all the network interfaces attached with it are also deleted.

NEW QUESTION 3
A user has created a VPC with a subnet and a security group. The user has launched an instance in that subnet and attached a public IP. The user is still unable to connect to the instance. The internet gateway has also been created. What can be the reason for the error?

  • A. The internet gateway is not configured with the route table
  • B. The private IP is not present
  • C. The outbound traffic on the security group is disabled
  • D. The internet gateway is not configured with the security group

Answer: A

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to the user's AWS account. AWS provides two features the user can use to increase security in VPC: security groups and network ACLs. Security groups work at the instance level. When a user launches an instance and wants to connect to an instance, he needs an internet gateway. The internet gateway should be configured with the route table to allow traffic from the internet.

NEW QUESTION 4
A user has created a VPC with CIDR 20.0.0.0/24. The user has created a public subnet with CIDR 20.0.0.0/25 and a private subnet with CIDR 20.0.0.128/25. The user has launched one instance each in the private and public subnets. Which of the below mentioned options cannot be the correct IP address (private IP) assigned to an instance in the public or private subnet?

  • A. 20.0.0.255
  • B. 20.0.0.132
  • C. 20.0.0.122
  • D. 20.0.0.55

Answer: A

Explanation:
When the user creates a subnet in VPC, he specifies the CIDR block for the subnet. In this case the user has created a VPC with the CIDR block 20.0.0.0/24, which supports 256 IP addresses (20.0.0.0 to 20.0.0.255). The public subnet will have IP addresses between 20.0.0.0 - 20.0.0.127 and the private subnet will have IP addresses between 20.0.0.128 - 20.0.0.255. AWS reserves the first four IP addresses and the last IP address in each subnet's CIDR block. These are not available for the user to use. Thus, the instance cannot have an IP address of 20.0.0.255.

NEW QUESTION 5
A user is trying to set up a scheduled scaling activity using Auto Scaling. The user wants to set up the recurring schedule. Which of the below mentioned parameters is not required in this case?

  • A. Maximum size
  • B. Auto Scaling group name
  • C. End time
  • D. Recurrence value

Answer: A

Explanation:
Auto Scaling based on a schedule allows the user to scale the application in response to predictable load changes. The user can also configure the recurring schedule action which will follow the Linux cron format. If the user is setting a recurring event, it is required that the user specifies the Recurrence value (in a cron format), end time (not compulsory but recurrence will stop after this) and the Auto Scaling group for which the scaling activity is to be scheduled.

NEW QUESTION 6
An organization has set up Auto Scaling with ELB. Due to some manual error, one of the instances got rebooted. Thus, it failed the Auto Scaling health check. Auto Scaling has marked it for replacement. How can the system admin ensure that the instance does not get terminated?

  • A. Update the Auto Scaling group to ignore the instance reboot event
  • B. It is not possible to change the status once it is marked for replacement
  • C. Manually add that instance to the Auto Scaling group after reboot to avoid replacement
  • D. Change the health of the instance to healthy using the Auto Scaling commands

Answer: D

Explanation:
After an instance has been marked unhealthy by Auto Scaling, as a result of an Amazon EC2 or ELB health check, it is almost immediately scheduled for replacement as it will never automatically recover its health. If the user knows that the instance is healthy then he can manually call the SetInstanceHealth action (or the as-setinstance-health command from CLI) to set the instance's health status back to healthy. Auto Scaling will throw an error if the instance is already terminating or else it will mark it healthy.

NEW QUESTION 7
A user has set up a VPC with CIDR 20.0.0.0/16. The VPC has a private subnet (20.0.1.0/24) and a public subnet (20.0.0.0/24). The user's data centre has CIDR of 20.0.54.0/24 and 20.1.0.0/24. If the private subnet wants to communicate with the data centre, what will happen?

  • A. It will allow traffic communication on both the CIDRs of the data centre
  • B. It will not allow traffic with data centre on CIDR 20.1.0.0/24 but allows traffic communication on 20.0.54.0/24
  • C. It will not allow traffic communication on any of the data centre CIDRs
  • D. It will allow traffic with data centre on CIDR 20.1.0.0/24 but does not allow on 20.0.54.0/24

Answer: D

Explanation:
VPC allows the user to set up a connection between his VPC and corporate or home network data centre. If the user has an IP address prefix in the VPC that overlaps with one of the networks' prefixes, any traffic to the network's prefix is dropped. In this case CIDR 20.0.54.0/24 falls in the VPC's CIDR range of 20.0.0.0/16. Thus, it will not allow traffic on that IP. In the case of 20.1.0.0/24, it does not fall in the VPC's CIDR range. Thus, traffic will be allowed on it.

NEW QUESTION 8
Your EC2-based multi-tier application includes a monitoring instance that periodically makes application-level read-only requests of various application components and, if any of those fail more than three times in 30 seconds, calls CloudWatch to fire an alarm, and the alarm notifies your operations team by email and SMS of a possible application health problem. However, you also need to "watch the watcher" (the monitoring instance itself) and be notified if it becomes unhealthy.
Which of the following is a simple way to achieve that goal?

  • A. Run another monitoring instance that pings the monitoring instance and fires a CloudWatch alarm that notifies your operations team should the primary monitoring instance become unhealthy.
  • B. Set a CloudWatch alarm based on EC2 system and instance status checks and have the alarm notify your operations team of any detected problem with the monitoring instance.
  • C. Set a CloudWatch alarm based on the CPU utilization of the monitoring instance and have the alarm notify your operations team if the CPU usage exceeds 50% for more than one minute; then have your monitoring application go into a CPU-bound loop should it detect any application problems.
  • D. Have the monitoring instances post messages to an SQS queue and then dequeue those messages on another instance; should the queue cease to have new messages, the second instance should first terminate the original monitoring instance, start another backup monitoring instance, assume the role of the previous monitoring instance and begin adding messages to the SQS queue.

Answer: B

NEW QUESTION 9
You use S3 to store critical data for your company. Several users within your group currently have full permissions to your S3 buckets. You need to come up with a solution that does not impact your users and also protects against the accidental deletion of objects.
Which two options will address this issue? Choose 2 answers

  • A. Enable versioning on your S3 Buckets
  • B. Configure your S3 Buckets with MFA delete
  • C. Create a Bucket policy and only allow read only permissions to all users at the bucket level
  • D. Enable object life cycle policies and configure the data older than 3 months to be archived in Glacier

Answer: AD

NEW QUESTION 10
A user has enabled detailed CloudWatch monitoring with the AWS Simple Notification Service. Which of the below mentioned statements helps the user understand detailed monitoring better?

  • A. SNS will send data every minute after configuration
  • B. There is no need to enable since SNS provides data every minute
  • C. AWS CloudWatch does not support monitoring for SNS
  • D. SNS cannot provide data every minute

Answer: D

Explanation:
CloudWatch is used to monitor AWS as well as the custom services. It provides either basic or detailed monitoring for the supported AWS products. In basic monitoring, a service sends data points to CloudWatch every five minutes, while in detailed monitoring a service sends data points to CloudWatch every minute. The AWS SNS service sends data every 5 minutes. Thus, it supports only the basic monitoring. The user cannot enable detailed monitoring with SNS.

NEW QUESTION 11
A media company produces new video files on-premises every day with a total size of around 100 GB after compression. All files have a size of 1 - 2 GB and need to be uploaded to Amazon S3 every night in a fixed time window between 3am and 5am. Current upload takes almost 3 hours, although less than half of the available bandwidth is used.
What step(s) would ensure that the file uploads are able to complete in the allotted time window?

  • A. Increase your network bandwidth to provide faster throughput to S3
  • B. Upload the files in parallel to S3
  • C. Pack all files into a single archive, upload it to S3, then extract the files in AWS
  • D. Use AWS Import/Export to transfer the video files

Answer: B

Explanation:
Reference:
https://aws.amazon.com/blogs/aws/amazon-s3-multipart-upload/

NEW QUESTION 12
When using the following AWS services, which should be implemented in multiple Availability Zones for high availability solutions? Choose 2 answers

  • A. Amazon DynamoDB
  • B. Amazon Elastic Compute Cloud (EC2)
  • C. Amazon Elastic Load Balancing
  • D. Amazon Simple Notification Service (SNS)
  • E. Amazon Simple Storage Service (S3)

Answer: BC

NEW QUESTION 13
A user is planning to set up the Multi AZ feature of RDS. Which of the below mentioned conditions won't take advantage of the Multi AZ feature?

  • A. Availability zone outage
  • B. A manual failover of the DB instance using Reboot with failover option
  • C. Region outage
  • D. When the user changes the DB instance's server type

Answer: C

Explanation:
Amazon RDS when enabled with Multi AZ will handle failovers automatically. Thus, the user can resume database operations as quickly as possible without administrative intervention. The primary DB instance switches over automatically to the standby replica if any of the following conditions occur:
An Availability Zone outage
The primary DB instance fails
The DB instance's server type is changed
The DB instance is undergoing software patching
A manual failover of the DB instance was initiated using Reboot with failover

NEW QUESTION 14
A system admin is planning to encrypt all objects being uploaded to S3 from an application. The system admin does not want to implement his own encryption algorithm; instead he is planning to use server side encryption by supplying his own key (SSE-C). Which parameter is not required while making a call for SSE-C?

  • A. x-amz-server-side-encryption-customer-key-AES-256
  • B. x-amz-server-side-encryption-customer-key
  • C. x-amz-server-side-encryption-customer-algorithm
  • D. x-amz-server-side-encryption-customer-key-MD5

Answer: A

Explanation:
AWS S3 supports client side or server side encryption to encrypt all data at rest. The server side encryption can either have the S3 supplied AES-256 encryption key or the user can send the key along with each API call to supply his own encryption key (SSE-C). When the user is supplying his own encryption key, the user has to send the below mentioned parameters as a part of the API calls:
x-amz-server-side-encryption-customer-algorithm: Specifies the encryption algorithm
x-amz-server-side-encryption-customer-key: To provide the base64-encoded encryption key
x-amz-server-side-encryption-customer-key-MD5: To provide the base64-encoded 128-bit MD5 digest of the encryption key

NEW QUESTION 15
A system admin wants to add more zones to the existing ELB. The system admin wants to perform this activity from CLI. Which of the below mentioned commands helps the system admin to add new zones to the existing ELB?

  • A. elb-enable-zones-for-lb
  • B. elb-add-zones-for-lb
  • C. It is not possible to add more zones to the existing ELB
  • D. elb-configure-zones-for-lb

Answer: A

Explanation:
The user has created an Elastic Load Balancer with the availability zone and wants to add more zones to the existing ELB. The user can do so in two ways:
From the console or CLI, add new zones to ELB;

NEW QUESTION 16
A company's Development team needs to access the AWS Management Console. A System Administrator has been asked to find a solution so that the Developers can sign in to the console using Active Directory (AD) credentials and not as IAM users.
What steps should the Systems Administrator take to enable functionality?

  • A. Set up an Amazon Cognito federation, and then obtain temporary credentials using AWS Security Token Service
  • B. Assign the temporary credentials to an IAM role to allow a developer's access to the AWS resource.
  • C. Set up Active Directory Connector to use the corporate AD servers. Enable AWS console access under the AWS Directory Service Console for the AD Connector that was just created
  • D. Create a role with the resources and permissions that the Development team should have access to use.
  • E. Connect the corporate AD servers to AWS using Amazon Cognito user pools. Enable AWS console access within Cognito, and then assign the appropriate role to the user pool.
  • F. Create a SAML template file using IAM, assign the template to the corporate AD through the Simple AD. Grant the Development team access to the SAML template.

Answer: A

NEW QUESTION 17
A user has created a subnet with VPC and launched an EC2 instance in that subnet with only default settings. Which of the below mentioned options is ready to use on the EC2 instance as soon as it is launched?

  • A. Elastic IP
  • B. Private IP
  • C. Public IP
  • D. Internet gateway

Answer: B

Explanation:
A Virtual Private Cloud (VPC) is a virtual network dedicated to a user's AWS account. A subnet is a range of IP addresses in the VPC. The user can launch the AWS resources into a subnet. There are two supported platforms into which a user can launch instances: EC2-Classic and EC2-VPC. When the user launches an instance which is not a part of the non-default subnet, it will only have a private IP assigned to it. The instances part of a subnet can communicate with each other but cannot communicate over the internet or to the AWS services, such as RDS / S3.

NEW QUESTION 18
An organization has launched 5 instances: 2 for production and 3 for testing. The organization wants that one particular group of IAM users should only access the test instances and not the production ones. How can the organization set that as a part of the policy?

  • A. Launch the test and production instances in separate regions and allow region wise access to the group
  • B. Define the IAM policy which allows access based on the instance ID
  • C. Create an IAM policy with a condition which allows access to only small instances
  • D. Define the tags on the test and production servers and add a condition to the IAM policy which allows access to specific tags

Answer: D

Explanation:
AWS Identity and Access Management is a web service which allows organizations to manage users and user permissions for various AWS services. The user can add conditions as a part of the IAM policies. The condition can be set on AWS Tags, Time, and Client IP as well as on various parameters. If the organization wants the user to access only specific instances, it should define proper tags and add them to the IAM policy condition. The sample policy is shown below.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "ec2:*",
      "Effect": "Allow",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "ec2:ResourceTag/InstanceType": "Production"
        }
      }
    }
  ]
}

NEW QUESTION 19
You are currently hosting multiple applications in a VPC and have logged numerous port scans coming in from a specific IP address block. Your security team has requested that all access from the offending IP address block be denied for the next 24 hours.
Which of the following is the best method to quickly and temporarily deny access from the specified IP address block?

  • A. Create an AD policy to modify Windows Firewall settings on all hosts in the VPC to deny access from the IP address block
  • B. Modify the Network ACLs associated with all public subnets in the VPC to deny access from the IP address block
  • C. Add a rule to all of the VPC's Security Groups to deny access from the IP address block
  • D. Modify the Windows Firewall settings on all Amazon Machine Images (AMIs) that your organization uses in that VPC to deny access from the IP address block

Answer: B

Explanation:
Reference:
http://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_SecurityGroups.html

NEW QUESTION 20
A user wants to make it so that whenever the CPU utilization of the AWS EC2 instance is above 90%, the red light of his bedroom turns on. Which of the below mentioned AWS services is helpful for this purpose?

  • A. AWS CloudWatch + AWS SES
  • B. AWS CloudWatch + AWS SNS
  • C. None
  • D. It is not possible to configure the light with the AWS infrastructure services
  • E. AWS CloudWatch and a dedicated software turning on the light

Answer: B

Explanation:
Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, and fully managed push messaging service. Amazon SNS can deliver notifications by SMS text message or email to the Amazon Simple Queue Service (SQS) queues or to any HTTP endpoint. The user can configure some sensor devices at his home which receive data on the HTTP end point (REST calls) and turn on the red light. The user can configure the CloudWatch alarm to send a notification to the AWS SNS HTTP end point (the sensor device) and it will turn the light red when there is an alarm condition.
